A census of the Starlette host-header auth bypass Persistent Security - research writeup. Aggregate findings only; per-target detail is withheld pending the coordinated-disclosure window (public deadline 2026-08-26). Classification: TLP:AMBER. 2,856 findings (deduped) ~2,393 confirmed vulnerable 58 countries ~78% fail-open (Tier 1) TL;DR CVE-2026-48710 is a Starlette host-header authentication bypass. Because FastAPI is built on Starlette, the affected population spans applic

By the Persistent Security Research Team - May 2026 Process Injection - MITRE ATT&CK T1055.002 Last time, we loaded mimikatz entirely from memory without Defender noticing. This time, we take the next step: cross-process injection into one of Windows' most sensitive processes to check if AV or EDRs will catch this! We inject a .NET CLR runtime into winlogon.exe, read stored credentials from registry, and exfiltrate them over DNS - all without triggering a single Defender aler

By the Persistent Security Research Team - April 2026 Portable Executable Injection - MITRE ATT&CK T1055.002 When Defender sees mimikatz, it kills it. On disk, in a ZIP being extracted, in a PowerShell script that references it - the binary has thousands of signatures pointing at it from every angle. Yet it's still one of the most useful tools for red teamers and bad actors alike! So how do you run mimikatz on a fully patched Windows 11 system with Defender at latest signatur

By the Persistent Security Research Team — April 2026 Introducing the Month of Bypasses Today we're launching a new series: the Month of Bypasses. We'll publish bypasses for known MITRE attack techniques on a regular basis over the coming 30 days, each one discovered by AI-driven variant analysis using our Nemesis Breach and Attack Simulation (BAS) platform. Why? Because that's what Defenders are doing right now as well: Using AI automation to revive their proven tool sets. S

When we set out to integrate AI capabilities into Nemesis, our Breach and Attack Simulation platform, we faced a common challenge: how do you build a flexible AI agent that supports multiple LLM backends (including OpenAI, Claude/Anthropic, other future models) while exposing them through different user interfaces tailored to distinct workflows? The answer lay in creating a clean separation of concerns with two layers of abstraction : a backend interface that normalizes diffe

Yesterday's news told the same story we hear every week: another supply chain attack, another NPM compromise, another reminder that traditional security approaches aren't keeping pace with reality. This time it was the Shai Hulud worm infecting thousands of GitHub projects. But here's the thing, this exact attack happened 69 days ago. And 4 years ago. Same technique, same exploitation path, just more sophisticated execution. The security industry loves to panic after each bre

We all know this: AI is transforming cyber threats. Attackers now use it to find vulnerabilities faster, automate complex attack chains, and evade detection with unprecedented sophistication. AI presents many opportunities for defenders as well, however we see the security industry wrapping AI around traditional tools and calling it innovation. At Nemesis, we took a different approach: we built an AI operator that actually runs security validation, not just reports on it. The

The recent NPM supply chain attacks affecting over 2 billion weekly downloads have prompted extensive security analysis across the...

Not to be that person, but... ...We've been shouting this from the rooftops for ages 📢 The recent npmjs.help breach has everyone doing...

Known for their targeted ransomware campaigns and advanced persistence techniques, FIN8 has caused significant damage across multiple...

In the previous articles, we've discussed the theoretical and practical foundations of prompt injection attacks. In this concluding part,...

In the second part of this series we’re going to explore how yet underrated aspects of prompt injections have the potential to make them...

Prompt injection represents a fundamental flaw in modern Large Language Models (LLMs), rooted in their inability to reliably distinguish...

Persistence is in our name, and gaining persistent root access is often the crown jewel of any attack chain. Today, we're diving deep...

In today's threat landscape, cybersecurity teams face a critical challenge: preventing sensitive data from leaving their networks through...

After analyzing the 2017 NotPetya attack - arguably history's most devastating cyber offensive with over $10 billion in damages - we're...